Configuring VPN
Advanced Configuration of IPsec VPN
Cisco SA500 Series Security Appliances Administration Guide 152
7
• Encryption Algorithm: Choose the algorithm that is used to encrypt the
data.
• Integrity Algorithm: Choose the algorithm that is used to verify the integrity
of the data.
• PFS Key Group: Check this box to enable Perfect Forward Secrecy (PFS) to
improve security. While this option is slower, it ensures that a Diffie-Hellman
exchange is performed for every phase-2 negotiation.
• Select IKE Policy: Choose the IKE policy to define the characteristics of
phase-1 of the negotiation. Configuring the IKE Policies for IPsec VPN,
page 144.
STEP 7 In the Redundant VPN Gateway Parameters area, enter the following information
to create a backup policy for this policy:
• Enable Redundant Gateway for this policy?: Check this box to make a
backup policy for this policy. When the tunnel for this policy is down, the
backup tunnel automatically becomes active.
• Select Back- up Policy: Choose a policy to act as a backup of this policy.
This list includes only those policies that can be configured as back up
policies.
NOTE A backup policy should meet the following conditions:
1. The Type should be Auto.
2. The DPD should be enabled.
3. The Direction should be either initiator or both.
4. The XAuth configuration should be None or IPsec Host.
5. The policy should be Gateway only, not client.
• Failback time to switch from back-up to primary: Enter the number of
seconds that must pass to confirm that primary tunnel has recovered from a
failure. If the primary tunnel is up for the specified number of seconds, the
security appliance will switch to the primary tunnel by disabling the backup
tunnel.
STEP 8 Click Apply to save your settings.
NOTE Next steps:
• To view the status of the VPN tunnels, click Status > VPN Status > IPsec
Status. For more information, see IPsec VPN Status, page 210.
• To view IPsec VPN logs, click Status > View Logs > IPsec VPN Logs. For
more information, see IPsec VPN Logs, page 215.
To Next Page
Loading...
Need help?
General
